gitlab-org--gitlab-foss/spec/services/projects/transfer_service_spec.rb
Yorick Peterse ebae38394d
Refresh authorizations when transferring projects
This ensures that project authorizations are refreshed when moving a
project from one namespace to another. When doing so the permissions for
all users of both the old and new namespaces are refreshed.

See #26194 for more information.
2017-02-07 14:58:49 +01:00

112 lines
3.4 KiB
Ruby

require 'spec_helper'
describe Projects::TransferService, services: true do
let(:user) { create(:user) }
let(:group) { create(:group) }
let(:project) { create(:project, namespace: user.namespace) }
context 'namespace -> namespace' do
before do
allow_any_instance_of(Gitlab::UploadsTransfer).
to receive(:move_project).and_return(true)
allow_any_instance_of(Gitlab::PagesTransfer).
to receive(:move_project).and_return(true)
group.add_owner(user)
@result = transfer_project(project, user, group)
end
it { expect(@result).to be_truthy }
it { expect(project.namespace).to eq(group) }
end
context 'namespace -> no namespace' do
before do
@result = transfer_project(project, user, nil)
end
it { expect(@result).to eq false }
it { expect(project.namespace).to eq(user.namespace) }
end
context 'disallow transfering of project with tags' do
before do
stub_container_registry_config(enabled: true)
stub_container_registry_tags('tag')
end
subject { transfer_project(project, user, group) }
it { is_expected.to be_falsey }
end
context 'namespace -> not allowed namespace' do
before do
@result = transfer_project(project, user, group)
end
it { expect(@result).to eq false }
it { expect(project.namespace).to eq(user.namespace) }
end
def transfer_project(project, user, new_namespace)
Projects::TransferService.new(project, user).execute(new_namespace)
end
context 'visibility level' do
let(:internal_group) { create(:group, :internal) }
before { internal_group.add_owner(user) }
context 'when namespace visibility level < project visibility level' do
let(:public_project) { create(:project, :public, namespace: user.namespace) }
before { transfer_project(public_project, user, internal_group) }
it { expect(public_project.visibility_level).to eq(internal_group.visibility_level) }
end
context 'when namespace visibility level > project visibility level' do
let(:private_project) { create(:project, :private, namespace: user.namespace) }
before { transfer_project(private_project, user, internal_group) }
it { expect(private_project.visibility_level).to eq(Gitlab::VisibilityLevel::PRIVATE) }
end
end
context 'missing group labels applied to issues or merge requests' do
it 'delegates tranfer to Labels::TransferService' do
group.add_owner(user)
expect_any_instance_of(Labels::TransferService).to receive(:execute).once.and_call_original
transfer_project(project, user, group)
end
end
describe 'refreshing project authorizations' do
let(:group) { create(:group) }
let(:owner) { project.namespace.owner }
let(:group_member) { create(:user) }
before do
group.add_user(owner, GroupMember::MASTER)
group.add_user(group_member, GroupMember::DEVELOPER)
end
it 'refreshes the permissions of the old and new namespace' do
transfer_project(project, owner, group)
expect(group_member.authorized_projects).to include(project)
expect(owner.authorized_projects).to include(project)
end
it 'only schedules a single job for every user' do
expect(UserProjectAccessChangedService).to receive(:new).
with([owner.id, group_member.id]).
and_call_original
transfer_project(project, owner, group)
end
end
end